Will you be the next victim of Firesheep?
Facebook and Twitter, which combine for 700,000,000 active users, are especially susceptible; if you log into them over a free WiFi network, you are putting your entire account in instant jeopardy. Quoth The Globe and Mail, which has also recently covered the tool:
With a download of Firesheep, a plug-in for Mozilla’s FireFox web browser, all it takes is patience and a couple clicks to access someone’s profile on a variety of websites, also including the photo-sharing site Flickr and the WordPress blogging platform.
The program sniffs out log-ons over the network and connects Firesheep users with those accounts.
In a blog post explaining his program, Eric Butler wrote, “Websites have a responsibility to protect the people who depend on their services. They’ve been ignoring this responsibility for too long, and it’s time for everyone to demand a more secure web.”
“On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy,” Eric wrote. “The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL.”
Firesheep was downloaded well over 100,000 times in less than 24 hours. The account lets average joes literally log into people’s accounts and gain full access. They can change your status, add or delete photos—anything the account owner can do.
Canada’s privacy commissioner is aware of the program but has not initiated an investigation.
Connect to the web via public WiFi with caution—though Eric also states that WiFi isn’t the direct problem; it’s website’s neglect for real security of their user base.